Verified Commit 120c0da2 authored by Matt Devillier's avatar Matt Devillier

Use fixed HOTP key branding



Current implementation of autodetection misidentifies older Librem
Keys as Nitrokeys due to VID conflict; assume all Librem users
are using a Librem Key.
Signed-off-by: Matt Devillier's avatarMatt DeVillier <matt.devillier@puri.sm>
parent 3a6de9dd
......@@ -144,7 +144,7 @@ while true; do
'e' ' Replace GPG key(s) in the current ROM and reflash' \
'l' ' List GPG keys in your keyring' \
'p' ' Export public GPG key to USB drive' \
'g' ' Generate GPG keys manually on a USB security token' \
'g' ' Generate GPG keys manually on a Librem Key' \
'x' ' Exit' \
2>/tmp/whiptail || recovery "GUI menu failed"
......
......@@ -161,12 +161,8 @@ else
mount_boot
fi
# Use stored HOTP key branding
if [ -r /boot/kexec_hotp_key ]; then
HOTPKEY_BRANDING="$(cat /boot/kexec_hotp_key)"
else
HOTPKEY_BRANDING="HOTP USB Security Dongle"
fi
# Use fixed HOTP key branding
HOTPKEY_BRANDING="Librem Key"
last_half=X
while true; do
......
......@@ -377,13 +377,13 @@ else
fi
# ensure USB Security Dongle connected
echo -e "\nChecking for USB Security Dongle...\n"
echo -e "\nChecking for Librem Key...\n"
# USB kernel modules already loaded via mount-usb
if ! gpg --card-status >/dev/null 2>&1 ; then
whiptail_error "Can't access USB Security Dongle; \nPlease remove and reinsert, then press Enter."
whiptail_error "Can't access Librem Key; \nPlease remove and reinsert, then press Enter."
if ! gpg --card-status >/dev/null 2>/tmp/error ; then
ERROR=$(tail -n 1 /tmp/error | fold -s)
whiptail_error_die "Unable to detect USB Security Dongle:\n\n${ERROR}"
whiptail_error_die "Unable to detect Librem Key:\n\n${ERROR}"
fi
fi
......
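Review bot: The product name is written out as a literal in every message of the @@ -377 hunk (`echo -e "\nChecking for Librem Key...\n"` and both whiptail calls), while the @@ -161 hunk of the same file sets `HOTPKEY_BRANDING="Librem Key"`. If that variable is in scope at this point, which the hunk context does not confirm, using it keeps the name in one place, e.g. `whiptail_error "Can't access $HOTPKEY_BRANDING; \nPlease remove and reinsert, then press Enter."`. The unchanged comment above the check still reads `# ensure USB Security Dongle connected` and should become `# ensure Librem Key connected`. The enclosing if/else begins outside the hunk.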
......@@ -24,12 +24,8 @@ fatal_error()
die "$1"
}
# Use stored HOTP key branding (this might be useful after OEM reset)
if [ -r /boot/kexec_hotp_key ]; then
HOTPKEY_BRANDING="$(cat /boot/kexec_hotp_key)"
else
HOTPKEY_BRANDING="HOTP USB Security Dongle"
fi
# Use fixed HOTP key branding
HOTPKEY_BRANDING="Librem Key"
if [ "$CONFIG_TPM" = "y" ]; then
tpm nv_readvalue \
......@@ -79,15 +75,6 @@ if ! hotp_verification info ; then
fi
fi
# Set HOTP USB Security Dongle branding based on VID
if lsusb | grep -q "20a0:" ; then
HOTPKEY_BRANDING="Nitrokey"
elif lsusb | grep -q "316d:" ; then
HOTPKEY_BRANDING="Librem Key"
else
HOTPKEY_BRANDING="HOTP USB Security Dongle"
fi
# try using factory default admin PIN
admin_pin="12345678"
hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING" >/dev/null 2>&1
......
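Review bot: The new comment `# Use fixed HOTP key branding` in the @@ -24 hunk does not say why detection was dropped, so a later maintainer could reintroduce the VID check that the @@ -79 hunk removes. I would record the reason from the commit message, e.g. `# Fixed branding: VID-based detection misidentified older Librem Keys as Nitrokeys`; the same comment appears in the first file's @@ -161 hunk. If anything still writes /boot/kexec_hotp_key (not visible on this page), that file is now unread here and the writer should be removed too. Separately, on the unchanged `hotp_initialize` line, `$HOTP_SECRET` and `$counter_value` are unquoted while the neighbouring arguments are quoted; quoting them would be consistent and avoids word splitting.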